Closed loudapet closed 1 month ago
Well, this clarifies things, sadly (RFC9112)
When an origin server receives a request with an absolute-form of request-target, the origin server MUST ignore the received Host header field (if any) and instead use the host information of the request-target. Note that if the request-target does not have an authority component, an empty Host header field will be sent in this case. A server MUST accept the absolute-form in requests even though most HTTP/1.1 clients will only send the absolute-form to a proxy.
http://localhost:8080/testing.html is recognized by nginx, but basically ignores both scheme and authority components. http://localhost:8080/testing.html will net the same result as http://localhost:90/testing.html or http://localhost/testing.html or simply smh://localhost/testing.html. That indicates it ignores those components, but it will still manage to find the resource and reconstruct the correct URI from the header fields - our parser currently refuses anything that doesn't start with a slash. http://testing.html calls the default page (not sure why, probably considers testing.html a host name).
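An added example, not code from this issue or from the project: a request-target resolver that accepts both origin-form and absolute-form and applies the RFC 9112 rule quoted above (the authority in an absolute-form target replaces the Host header field), which is stricter than the nginx behaviour described in the comment. The names `Target`, `BadRequest` and `resolve_target` are hypothetical, and the sample targets are the ones from the comment.

```python
from collections import namedtuple
from urllib.parse import urlsplit

# Hypothetical names for this example: Target, BadRequest, resolve_target.
Target = namedtuple("Target", "form host port path query")

class BadRequest(ValueError):
    """Request that should be answered with 400 Bad Request."""

def _host_port(authority):
    """Split 'host[:port]' (URI authority or Host field value), no userinfo."""
    try:
        parts = urlsplit("//" + authority)
        host, port = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError as exc:
        raise BadRequest("malformed authority %r" % authority) from exc
    if (not host or "@" in authority or any(c <= " " for c in authority)
            or parts.path or parts.query or parts.fragment):
        raise BadRequest("malformed authority %r" % authority)
    return host, port

def resolve_target(request_target, host_header):
    """Return the effective host, port, path and query for one request."""
    if any(c <= " " or c == "\x7f" for c in request_target):
        raise BadRequest("whitespace or control character in request-target")
    if request_target.startswith("/"):
        # origin-form: the Host header field is the only source of the authority.
        if host_header is None:
            raise BadRequest("origin-form request without Host")
        host, port = _host_port(host_header)
        path, _, query = request_target.partition("?")
        return Target("origin", host, port, path, query)
    try:
        parts = urlsplit(request_target)
    except ValueError as exc:
        raise BadRequest("malformed request-target") from exc
    if not parts.scheme or not parts.netloc:
        # Neither "/..." nor "scheme://authority...": asterisk-form and
        # authority-form (OPTIONS *, CONNECT) are outside this example.
        raise BadRequest("unsupported request-target form")
    # absolute-form: the authority in the target wins, Host is ignored.
    host, port = _host_port(parts.netloc)
    return Target("absolute", host, port, parts.path or "/", parts.query)

if __name__ == "__main__":
    # Constructed inputs, taken from the targets discussed above.
    for target, host in [("http://localhost:8080/testing.html", "localhost:90"),
                         ("smh://localhost/testing.html", "localhost:8080"),
                         ("http://testing.html", "localhost:8080"),
                         ("/testing.html?x=1", "LocalHost:8080")]:
        print(target, "->", resolve_target(target, host))
```

Under URI syntax the text after `//` is the authority, so `http://testing.html` resolves to host `testing.html` with an empty path, which this resolver normalises to `/`.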